HTTPS with ALE

Can we use HTTPS with ALE to establish a connection between the HR and ERP system?  There are seperate instances for FI and HCM and we require an ALE interface between them.  RFC with SNC is not an option so am wondering if there is an ALE with HTTPS route we can take?  Any info will be greatly appreciated.

Hi Fahad,
As far i know there is no way to using https for ALE without PI. because ALE is base on RFC technology not http / https.
if my knowledge correct then you might need to use other middleware like SAP PI, webMethods, Tipco etc or if not you might need to do some customize scenario using webservices. but both of your ERP and HCM must be at least ECC 6.
for IDOC for example you can set the port to generate xml file. and create program to pickup and send it over soap https to HCM system.
Please correct me if i am wrong.
Regards
Fernand.

Similar Messages

  • File to convert to IDOC from bus.service failes with ALE#LI

    Hello,
    we habe implemented a scenario:
    Non SAP system sends a structure to be uploaded to an R/3 system as IDOC.
    All config looks fine.
    We followed this description:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/877c0d53-0801-0010-3bb0-e38d5ecd352c
    So system is identified in adapter specific data as log.sys. LS test1 .
    But we have this error:
    Unable to convert partner abc / ALE#LI into an IDOC partner (message in german, only translated)!
    Does anybody has an idea what is wrong?
    Is it necessary to have the log.sys name in the message e.g. in SNDPRN?
    Here we have after mapping:
      <SNDPOR>testABC</SNDPOR>
      <SNDPRT>LI</SNDPRT>
    Best regards
    Dirk
    Message was edited by: Dirk Meinhard
    Message was edited by: Dirk Meinhard

    Hi Nimrod,
    looks like I am not totally wrong here, but working together with externals who provide the outbound side is not really easy for testing.
    Here is the EDI_DC-40 segment AFTER the Mapping, so the XML for the inbound IDOC:
    - <PORDCR05>
    - <IDOC BEGIN="1">
    - <EDI_DC40 SEGMENT="1">
      <TABNAM>EDI_DC40</TABNAM>
      <MANDT>010</MANDT>
      <DIRECT>1</DIRECT>
      <IDOCTYP>PORDCR05</IDOCTYP>
      <MESTYP>PORDCR</MESTYP>
      <SNDPOR>A000000039</SNDPOR>
      <SNDPRT>LI</SNDPRT>
      <SNDPRN>0005354880</SNDPRN>
      <RCVPOR>SAPK10</RCVPOR>
      <RCVPRT>LS</RCVPRT>
      <RCVPRN>LOG10</RCVPRN>
      </EDI_DC40>
    Here is the error message:
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!--  Aufruf eines Adapters
      -->
    - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
      <SAP:Category>XIAdapter</SAP:Category>
      <SAP:Code area="IDOC_ADAPTER">ATTRIBUTE_INV_SND_PARTY</SAP:Code>
      <SAP:P1>Partner_ABC</SAP:P1>
      <SAP:P2>ALE#LI</SAP:P2>
      <SAP:P3 />
      <SAP:P4 />
      <SAP:AdditionalText />
      <SAP:ApplicationFaultMessage namespace="" />
      <SAP:Stack>Sender XI Party Partner_ABC / ALE#LI / could not be converted to IDoc Partner </SAP:Stack>
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    In my opinion we have to implement in WE20 of receiver R/3 system a partner LI with this number A000000039 from the EDI DC 40 segment? And we need to add it as identifier LOGICAL with ALE#LI and this number A000000039.
    R/3 consultant says he cannot do this in the receiver R/3 system because the sender is no supplier in his system!
    regards
    Dirk

  • How to start with ALE and Idocs

    Hi,
    I want to start with ALE/Idocs, Could you please guide me from where should I get the docs for that.
    A lot of thanks in Advance

    Hi Nitin ,
    Pls go through the book by Arvind Nagpal , one of the best books that no one should miss.
    Have a look at this site as well
    http://www.riyaz.net/blog/beginners-guide-to-ale-and-idocs-part-iii/
    Check this thread, where you have step by step creation of IDOCs:
    idocs
    Check these links, where you get the complete information on IDOCs:
    http://help.sap.com/saphelp_erp2005/helpdata/en/0b/2a60bb507d11d18ee90000e8366fc2/frameset.htm
    http://help.sap.com/saphelp_erp2005/helpdata/en/78/217da751ce11d189570000e829fbbd/frameset.htm
    http://www.sapgenie.com/sapedi/index.htm
    http://www.sappoint.com/abap/ale.pdf
    http://www.sappoint.com/abap/ale2.pdf
    Regards,
    Vvieks

  • QRFC with ALE for outbound interfaces

    I'm working on a client that is using ERP 4.7 (R/3).  We would like to use the ALE qRFC addition to utilize the serialization concept.  In the partner profile, I see a check box that says "queue processing". To our understanding, it enables qRFC  with ALE. But how does the function module (FM) MASTER_IDOC_DISTRIBUTE determine which queue naming function module to call from transaction WE85?  WE85 is a transaction where you define a function module to set your queue name based on the control record or IDOC.  Do you pass the Rule Name from WE85 into the MASTER_IDOC_DISTRIBUTE and thus ALE calls the associated queue naming FM ? If so, what field do you set in the control record?

    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/05daa0b5133ca0e10000000a42189c/frameset.htm
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/c7/4efe402762ef6fe10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/c2/4356429c69b430e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/e7/555e3c0f51a830e10000000a114084/frameset.htm
    Please go through this link.
    This would help you..

  • How to use HTTPS with sender SOAP Adapter

    Hi,
    I am implementing a synchronous SOAP- proxy scenario and on the sender communication channel I have to use the Http Security Level as "HTTPS with client Authentication".
    Where from I get the certificates to be used in sender Agreement.
    Please give me a step by step approach to achieve this.
    Regards,
    Nitin

    Nitin,
    Kindly go through the below links ...
    http://help.sap.com/saphelp_nw04/helpdata/en/1f/7e2441509fa831e10000000a1550b0/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    Also, make a search on the SDN as this question has been answered many a times on the forum.
    Regards,
    Neetesh

  • Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

    Hello All,
    We are currently building up a HTTPS message exchange with an external client.
    Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
    The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
    Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
    Now we have to configure the addtional Client Authentication.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    But what are the next steps to get this scenario successfully in place?
    Many thanks in advance!
    Jochen

    Hi Colleagues,
    following Steps still have to be done:
    - Mapping public key to technical user at Java Stack
      As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
    - Be sure CA root certivicate at Database under STRUSTSSO2
    - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
    - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
    Many thanks to all for support!
    Regards,
    Jochen

  • HTTPS with Client Authentication not available in EHP1?

    Hi Guys,
    I am not seeing this option in PI 7.1 EHP1.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    any help would be appreciated
    Thanks,
    Srini

    Hi Srinivas,
    I didnot use it personally. But when I see on SAP help I dont see that option anywhere. Please see this sap help:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
    But you have an option sender agreeement for security. Please see this help:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/ceb8cf18d3424be10000000a421937/content.htm
    Since we have the option to skip the adapter engine they have enabled this option in http adapter. So you can directly hit to integration engine skipping the adapter framework, which will help in improving the performance. Please see this help on this:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/43/64db4daf9f30b4e10000000a11466f/frameset.htm
    Regards,
    ---Satish

  • Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

    Hi friends,
    Our scenario is as follows:
    We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
    We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
    1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
    2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
    3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
    4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
    When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
    Please let us know if we have missed out some step.
    What does error message indicate,
    Regards,
    Rehan

    Hi Rehan,
    I see that the PROCTIMEOUT was already at a very high value.
    Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
       icm/HTTP/max_request_size_KB = 2097152
    This would need to be done in the sender/receiver system as well as XI.
    Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
    check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
    Kind regards,
    Sarah

  • Can we go with ALE configuration instead of receiver idoc adapter at target

    Hi Experts,
    Could you please provide me some idea when why don't we go with ALE configuration to exchange IDOC from PI  to Target system instead of configuring receiver IDOC adapter at target side.

    Hi Raj
    Point 1:
    When we send IDoc from SAP system to PI ,it used ALE connections nothing but using RFC destination and Port it establishes the connection IDoc will reach PI ABAP Stack.
    Point 2:
    When we send IDoc to ECC using PI IDoc adapter it uses the same mechanism(RFC destination/Port),but the only purpose of IDoc comm8unication channel is to call RFCDEstination and Port created in PI.
    i.e: There is no difference in communication(Point 1 and Point 2) both uses TRFC calls.
    Regards,
    Raj

  • HTTPS with Client Authentication in SOAP sender Adapter

    Hi All,
    In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
    But when I tried with “HTTPS with Client Authentication” option its giving error
    “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
    Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
    Regards

    Rohan,
    With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
    You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
    So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
    Regards
    Ravi Raman

  • HTTPS with null cipher

    Hi,
    I have two OSB's communicating over SSL.
    How do I configure Weblogic to use a particular cipher during communication.
    I want the communication to use TLS_RSA_WITH_NULL_SHA, or any null cipher, so that
    the content can be scanned as it passed through a firewall.

    Hi Rana da,
    If you want to use Https, make sure Https service must be activated in the system. Check Tcode: SMICM for HTTPS status.
    Have a look at below link
    Sender SOAP Adapter: HTTPS with Client Authentication

  • Https with SCEP?

    Has anyone been able to get https to work with SCEP?
    Right now I'm just trying to authenticate a trustpoint and it does work if I use http as my enrollment URL but as soon as I change it https I get the following: Unable to locate cert record by issuername in my debug.
    The router is communicating with the server (over https) because I can see it reading the subject of the certificates in the chain but it keeps erroring out, I get: Cert record not found, returning E_NOT_FOUND for each certificate in the chain until ultimately it dies and gives the Unable to locate cert record by issuername.
    Thanks!!

    Hi Rana da,
    If you want to use Https, make sure Https service must be activated in the system. Check Tcode: SMICM for HTTPS status.
    Have a look at below link
    Sender SOAP Adapter: HTTPS with Client Authentication

  • Https with client authentication handshake_failure

    Hi everyone. I hope anyone could help me. I have a client class 1 certificate from verisign (digital id) which is needed for https service request. I have installed it on Internet Explorer and it works fine:
    1) Internet Explorer ask me to trust in https server certificate.
    2) I accept the server certificate
    3) Internet Explorer ask me for select which client certificate send to server.
    4) I select my verisign client certificate
    5) Https server returns an xml with the response of the service.
    Now I have to implement this behaviour in Java. I have exported the client certificate to a .pfx file from Internet Explorer. Now I use this file directly as my key store. Then I used Internet Explorer to export server certificate as a .cer file and imported it into cacerts. The fact is that no matters what kind of transformation on the client certificate nor what validations i disable: I always get "Received fatal alert: handshake_failure" exception when trying to do in.readLine() (where in comes from BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));).
    I couldn't guess that connecting to a https server with client certificate was so difficult. I have read lots of examples and documentation, that always drive me to implement the same code.
    Sincerely, I don't use to ask in forums when having the first problems, but this time I'm really frustrated.
    Thanks in advance for any answer.

    Hi Rana da,
    If you want to use Https, make sure Https service must be activated in the system. Check Tcode: SMICM for HTTPS status.
    Have a look at below link
    Sender SOAP Adapter: HTTPS with Client Authentication

  • HTTPS With Client Authentication

    Hi,
    I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
    java.security.AccessControlException: client certificate required
    In the the transaction scim the following can be seen:
    [Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
    [Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
    [Thr 5061]     out: sssl_hdl = 1117534b0
    [Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
    [Thr 5061]      in: sssl_hdl = 1117534b0
    [Thr 5061]      in: cred_hdl = 116cfc110
    [Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
    [Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001  peer=XX.XX.XX.XX:2310
    [Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
    [Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
    [Thr 5061]          status = "resumed SSL session, NO client cert"
    The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
    Sender Communication Channel, 
    Transport Protocol: HTTP,
    Message Protocol: Soap 1.1,
    Adapter Engine: Central Adepter Engine,
    HTTPS with Client Authentication,
    Keep Headers
    Any ideas?
    Kind regards,
    John

    Hi Peter,
    If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
    It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
    All the best,
    John

  • HTTPS with client auth

    Hello , I am working on a scenario to implement Client Authentication with HTTPS , i got to a blog where its mentioed of steps of implementing HTTPS with Client auth on XI system , in order to test it i would also require a webservice client that works for this purpose. i got to SAP Soap client , but whatz the way to generate the certificate request so that i can send it to CA and get it signed any ideas pl?

    Hi together,
    i have the same problem? is anybody out there who could give us some hints?
    many thanks
    alex schramm

Maybe you are looking for

  • HT4623 When I go to my mail it is now asking me for my yahoo account password I try and it does not work please help

    I opened my I pad and for the first time it's asking me to show my yahoo password and I try and it does not work

  • Panel, title window buttons

    Hi everybody I wonder, i know its possible to add buttons, to the titlebar of a title window, but i don't know how its done, can someone explain me please? or send me a link with a tutorial. Also i'd like to know if its possible to add another type o

  • RA00 Discount on net, RA01 Discount on Gross

    Hi I am trying to have a discount in the purchasing order, I used RA00, but I don t know exactelty the difference between RA00 RA01. practically they seem similar when I use them. please provide a concrete example to explain me the difference betewee

  • Creating java sockets behind proxy servers.

    Hi, I am trying to create a socket to an external server(i.e. a public server) from behind a proxy firewall, but the socket creation statement throws an IO exception. Can someone please let me know how to create sockets using proxy servers. TIA Shish

  • 5000 exclamation marks in iPhoto

    Hi, When Aperture 3 was released I duly purchased it, imported my 18000-or-so item iPhoto library, and got to work. When today I noticed one particular photo conspicuously missing, I went back to iPhoto to see if I could reimport it. The thumbnail of